From 5f54ed99caa0838b9909b1803cc2cd8ea1dab400 Mon Sep 17 00:00:00 2001
From: "Russ Combs (rucombs)" <rucombs@cisco.com>
Date: Sun, 16 Jun 2019 20:49:06 -0400
Subject: [PATCH] Merge pull request #1603 in SNORT/snort3 from
 ~BRASTULT/snort3:fp_detect_fix to master

Squashed commit of the following:

commit 4ab32a7ec9d864cf0f2874a40df203b256434769
Author: Brandon Stultz <brastult@cisco.com>
Date:   Fri May 10 01:18:44 2019 -0400

    detection: on PDUs search TCP/UDP portgroups even when user_mode services exist
---
 src/detection/fp_detect.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/detection/fp_detect.cc b/src/detection/fp_detect.cc
index c4a42f1e6..e5db0d3dc 100644
--- a/src/detection/fp_detect.cc
+++ b/src/detection/fp_detect.cc
@@ -1276,8 +1276,7 @@ static void fpEvalPacket(Packet* p, FPTask task)
         if ( SnortConfig::get_conf()->sopgTable->user_mode )
             fpEvalHeaderSvc(p, omd, SNORT_PROTO_USER, task);
 
-        // use ports if we don't know service or don't have rules
-        else if ( p->proto_bits & PROTO_BIT__TCP )
+        if ( p->proto_bits & PROTO_BIT__TCP )
         {
             if ( p->get_snort_protocol_id() == UNKNOWN_PROTOCOL_ID or !fpEvalHeaderSvc(p, omd, SNORT_PROTO_TCP, task) )
                 fpEvalHeaderTcp(p, omd, task);
-- 
2.47.3